Application. No. 09/712,780 Docket No. CISCO-3095 

Amendment dated May 6, 2004 

Reply to Office Action of February 9, 2004 

Amendments to the Specification; 

Please replace the second paragraph, beginning on line 20, page 2, with the following 
amended paragraph: 

U.S. Patent AppKcation Serial No. 09/712.005 , filed November 13, 2000 in the name of 
inventors Pumam Sheth, Aravind Sitaraman, Charles Yager and Gregory Bums, entitled 
"PPP/L2TP Domain Name Pre-Authorization", commonly assigned herewith. 

Please replace the second paragraph, beginning on line 10, page 16, with the following 
amended paragraph: 

The LAC 360 is linked to a separate server/memory device 355, herein referred to as an 
Authentication, Authorization and Accounting (AAA) server 355. The LAC 360 and the AAA 
server 355 communicate with one-another according to the Remote Acc e ss Authentication Dial- 
In User Service (RADIUS) protocol. The specific details of the RADIUS protocol are well 
known by those of ordinary skill in the art. Moreover, as will be apparent to those of ordinary 
skill in the art, the RADIUS protocol has limited applicability to the present invention and, 
therefore a detailed discussion of this protocol is deemed unnecessary. The preferred methods of 
the present invention described herein are not limited to the use of the RADIUS protocol and 
other equivalent authentication protocols may be used. 

Please replace the second paragraph, beginning on line 10, page 17, with the following 
amended paragraph: 

The virtual circuit profile packet travels fi-om the AAA server 350 to a second receiving 

interface (not shown in Fig. 4) within the LAC 360 where the LAC 360 serves to create secure 
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channels to private areas of the network for those users who are authorized to use such sites and, 
an assessor within the LAC 360 makes a determination as to whether or not the virtual circuit 
profile for DSLAM port has a tunnel s e l e ction domain configuration override attribute associated 
with it. A calculator determines whether the service associated with the virtual circuit matches 
the service associated with the domain configuration override attribute. If a tunn e l s e l e ction 
domain configuration override attribute does not exist in the profile, a connection is opened 
through the homo gate 395 LNS 400 of the requested private domain 330. If a tunn o l G o lection 
domain configuration override attribute does exist in the virtual circuit profile for the specified 
DSLAM port, or if the PPP authentication packet does not include a domain name, [a] an 
exclusive tunnel is established with the LNS 400 associated with the domain indicated bv the 
virtual circuit profile corresponding to the DSLAM port. 

Please replace the second paragraph, beginning on line 12, page 21, with the following 
amended paragraph: 

The tunn e l s e l e ction domain configuration override attribute is requested by the domain 

owner to be placed in virtual circuit profiles. It allows the service provider the capability to 

ensure that a PPP session originating fi-om a DSLAM port allocated to a particular domain can 

connect with only that particular domain, regardless of what domain name is entered in the PPP 

authentication packet. This provides added security to the owner of the private domain by 

lessening the likelihood of an unauthorized access to the home gateway of a corporate intranet. 

The service provider would have the control over which ports are allocated to which domains. 

The service provider would also have control over which ports have the tunnol s e l e ction domain 

configuration attribute in their virtual circuit profile and are, thus, limited to one domain and 
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which virtual circuit profiles do not contain the tunnel s e lection domain configuration override 
attribute and are, thus, free to connect to more than one domain. 
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